chore(deps): bump the composer group in /test/acceptance/workspaces/composer-app with 6 updates

[dependabot]

Bumps the composer group in /test/acceptance/workspaces/composer-app with 6 updates:

Package	From	To
yiisoft/yii	1.1.14	1.1.29
aws/aws-sdk-php	3.0.0	3.288.1
doctrine/common	2.5.0	2.5.1
guzzlehttp/guzzle	6.3.0	7.9.2
guzzlehttp/psr7	1.4.2	2.7.0
twig/twig	1.35.0	1.44.8

Updates yiisoft/yii from 1.1.14 to 1.1.29

Release notes

Sourced from yiisoft/yii's releases.

Version 1.1.29

https://www.yiiframework.com/news/587/yii-1-1-29-is-released

Version 1.1.28

https://www.yiiframework.com/news/549/yii-1-1-28-is-released-and-security-support-extended

Version 1.1.27

https://www.yiiframework.com/news/510/yii-1-1-27-is-released

Version 1.1.26

https://www.yiiframework.com/news/495/yii-1-1-26-is-released

Version 1.1.25

https://www.yiiframework.com/news/419/yii-1-1-25-is-released

Version 1.1.24

https://www.yiiframework.com/news/369/yii-1-1-24-is-released-and-security-support-extended

Version 1.1.23

https://www.yiiframework.com/news/318/yii-1-1-23-is-released

Version 1.1.22

https://www.yiiframework.com/news/267/yii-1-1-22-is-released

Version 1.1.21

https://www.yiiframework.com/news/206/yii-1-1-21-is-released

Version 1.1.20

https://www.yiiframework.com/news/178/yii-1-1-20-is-released

Version 1.1.19

This release is a maintenance release of Yii 1.1.x which contains compatibility fixes for PHP 7.0 and 7.1.

See the complete release announcement for all details: http://www.yiiframework.com/news/137/yii-1-1-19-is-released/

Version 1.1.18

This release is a maintenance release of Yii 1.1.x which contains compatibility fixes for PHP 7.0 and 7.1.

See the complete release announcement for all details: http://www.yiiframework.com/news/133/yii-1-1-18-is-released/

Version 1.1.17

This is the last release of Yii 1.1.x containing Enhancements. Future releases will be bugfix only.

See the complete release announcement for all details: http://www.yiiframework.com/news/93/yii-1-1-17-is-released/

Version 1.1.16

... (truncated)

Changelog

Sourced from yiisoft/yii's changelog.

Version 1.1.29 November 14, 2023

• Bug #4516: PHP 8 compatibility: Allow union types and intersection types in action declarations (wtommyw)
• Bug #4523: Fixed translated in Greek class messages in framework requirements view, which they should not be translated (lourdas)
• Bug #4534: PHP 8.2 compatibility: Fix deprecated dynamic properties in gii/components/Pear/Text/Diff (mdeweerd, marcovtwout)
• Bug: CVE-2023-47130. Prevent RCE when deserializing untrusted user input (ma4ter222, marcovtwout)
• Enh #4529: Exceptions thrown while loading fixture file rows now contain more details (eduardor2k)
• Enh #4533: Various refactorings applied based on PHAN checks (marcovtwout)

Version 1.1.28 February 28, 2023

• Bug #4484: Set Last-Modified after sending cache control headers (jannis701, wtommyw)
• Bug #4491: Fixed limit and Offset not working correctly with MSSQL version 11 (2012) and newer (shnoulle, wtommyw)
• Bug #4497: PHP 8.1 compatibility: Fix unserialize null in CRedisCache (kenguest, wtommyw)
• Bug #4499: PHP 8.1 compatibility: Fix deprecation warning in COciSchema (marcovtwout)
• Bug #4500: PHP 8.1 compatibility: Fix deprecation warnings in CMysql classes (csears123)
• Bug #4507: PHP 8.1 compatibility: Fix deprecation warning in CWebUser (marcovtwout, wtommyw)
• Enh #4490: Added support for PostgreSQL 15 (sternix, marcovtwout)
• Enh #4503: Update tests and code for PHP 8.1 compatibility, stop suppressing deprecation warnings in tests (wtommyw)
• Enh #4505: Added support for PHP 8.2 (wtommyw)

Version 1.1.27 November 21, 2022

• Bug: PHP 8.1 compatibility: Fix CFileCache call of file_get_contents (Bregi)
• Bug: CVE-2022-41922. Prevent RCE when deserializing untrusted user input (fi3wey, marcovtwout)

Version 1.1.26 September 30, 2022

• Bug #4453: Alpine Linux compatibility: Avoid using GLOB_BRACE in CFileHelper::removeDirectory (ivany4)
• Enh #4386: Added support for PHP 8.1 (marcovtwout, JonathanArgentao, ivany4, csears123)
• Enh #4386: Updated HTMLPurifier to version 4.15.0 for PHP 8.1 support (https://github.com/ezyang/htmlpurifier/blob/v4.15.0/NEWS) (marcovtwout)
• Enh #4392: Added support for SSL to CRedisCache (andres101)

Version 1.1.25 December 13, 2021

• Bug #4226: Fix for Gii diff displaying "reset() expects parameter 1 to be array, integer given" (LeoZandvliet, marcovtwout)
• Bug #4369: PHP 8.0 compatibility: Fix warning "Only the first byte will be assigned to the string offset" when generating code with Gii (marcovtwout)
• Bug #4374: Fix for createUpdateCommand which did not accept just a table name when using MSSQL (c-schmitz)
• Bug #4380: Prevent fatal errors while validating CSRF token of malformed requests (rob006)
• Bug #4382: PHP 8.0 compatibility: Fix CFileLogRoute throwing TypeError when logfile cannot be opened (marcovtwout)

Version 1.1.24 June 7, 2021

• Bug #4339: "There is no active transaction" when transaction is autocommitted (twisted1919)

... (truncated)

Commits

• f89b76e Release version 1.1.29
• 37142be Merge pull request from GHSA-mw2w-2hj2-fg8q
• d687882 FIX: Check the proper value
• f687987 Merge branch 'advisory-fix-marcovtwout' of github.com:yiisoft/yii-ghsa-mw2w-2...
• a113037 Change is_string to is_scalar to accept more argument types even though strin...
• 22c4c2b Merge branch 'master' into advisory-fix-marcovtwout
• 6d8e867 Merge pull request #4537 from yiisoft/4533-phan-check-improvements
• 0361fac Merge pull request #4536 from yiisoft/4534-fix-pear-diff-php-deprecations
• 3719f5d Update CHANGELOG
• ac88032 Improve formatting
• Additional commits viewable in compare view

Updates aws/aws-sdk-php from 3.0.0 to 3.288.1

Commits

• a1dfa12 3.288.1 release
• 2f62b76 Update models for release
• aebc9f8 bugfix: dot segment handling (#2835)
• 3daedce Revert "enhancement: Endpointv2 Middleware (#2790)" (#2833)
• dca4bc1 enhancement: Endpointv2 Middleware (#2790)
• 6485aad 3.288.0 release
• e11cb12 Update models for release
• efe7b6e 3.287.1 release
• 25ad715 Update models for release
• f1bd5c0 enhancement: hostname resolution (#2831)
• Additional commits viewable in compare view

Updates doctrine/common from 2.5.0 to 2.5.1

Commits

• 0009b8f Merge branch 'master' of github.com:doctrine/common
• b3ae747 [DCOM-293] Fix security misconfiguration vulnerability that can lead to local...
• 7d4f8e4 Merge pull request #350 from 4alexandr/master
• ff72726 Remove the hhvm-nightly job from the matrix
• 5add480 Merge pull request #366 from marcel-burkhard/patch-1
• 9b30b43 Update DefaultFileLocator.php
• ad89591 Merge pull request #361 from DavidPrevot/test
• b950908 Bumping version to 2.6.0-DEV
• 18217c3 Fix static call in test
• 74fc182 Made PATTERN_MATCH_ID_METHOD more flexible
• See full diff in compare view

Updates guzzlehttp/guzzle from 6.3.0 to 7.9.2

Release notes

Sourced from guzzlehttp/guzzle's releases.

Release 7.9.2

Fixed

• Adjusted handler selection to use cURL if its version is 7.21.2 or higher, rather than 7.34.0

Release 7.9.1

Fixed

• Fix TLS 1.3 check for HTTP/2 requests

Release 7.9.0

Changed

• Improve protocol version checks to provide feedback around unsupported protocols
• Only select the cURL handler by default if 7.34.0 or higher is linked
• Improved CurlMultiHandler to avoid busy wait if possible
• Dropped support for EOL guzzlehttp/psr7 v1
• Improved URI user info redaction in errors

Release 7.8.2

Added

• Support for PHP 8.4

Release 7.8.1

Changed

• Updated links in docs to their canonical versions
• Replaced call_user_func* with native calls

Release 7.8.0

See change log for changes.

Release 7.7.1

See change log for changes.

Release 7.7.0

See change log for changes.

Release 7.6.1

See change log for changes.

Release 7.6.0

See change log for changes.

Release 7.5.3

See change log for changes.

Release 7.5.2

See change log for changes.

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.9.2 - 2024-07-24

Fixed

• Adjusted handler selection to use cURL if its version is 7.21.2 or higher, rather than 7.34.0

7.9.1 - 2024-07-19

Fixed

• Fix TLS 1.3 check for HTTP/2 requests

7.9.0 - 2024-07-18

Changed

• Improve protocol version checks to provide feedback around unsupported protocols
• Only select the cURL handler by default if 7.34.0 or higher is linked
• Improved CurlMultiHandler to avoid busy wait if possible
• Dropped support for EOL guzzlehttp/psr7 v1
• Improved URI user info redaction in errors

7.8.2 - 2024-07-18

Added

• Support for PHP 8.4

7.8.1 - 2023-12-03

Changed

• Updated links in docs to their canonical versions
• Replaced call_user_func* with native calls

7.8.0 - 2023-08-27

Added

• Support for PHP 8.3
• Added automatic closing of handles on CurlFactory object destruction

7.7.1 - 2023-08-27

Changed

... (truncated)

Commits

• d281ed3 [7.9] Release 7.9.2 (#3242)
• 11d3f21 Adjust minimum curl version from 7.34.0 to 7.21.2 (#3241)
• a629e5b Release 7.9.1 (#3239)
• 40ad735 Fix HTTP 2.0 - TLS 1.3 check (#3238)
• 84ac2b2 Release 7.9.0 (#3237)
• 3bec073 Drop PSR7 v1 and redact URI user info in errors (#3236)
• 740e191 Merge branch '7.8' into 7.9
• f4152d9 Release 7.8.2 (#3235)
• 0e9dcae Improve CurlMultiHandler to avoid busy wait if possible (#3234)
• 3838e05 Improve Accept-Encoding documentation (#3215)
• Additional commits viewable in compare view

Updates guzzlehttp/psr7 from 1.4.2 to 2.7.0

Release notes

Sourced from guzzlehttp/psr7's releases.

2.7.0

Added

• Add Utils::redactUserInfo() method
• Add ability to encode bools as ints in Query::build

---

See also the change log for changes.

2.6.3

Fixed

• Make StreamWrapper::stream_stat() return false if inner stream's size is null

Changed

• PHP 8.4 support

---

See also the change log for changes.

2.6.2

Fixed

• Fixed another issue with the fact that PHP transforms numeric strings in array keys to ints

Changed

• Updated links in docs to their canonical versions
• Replaced call_user_func* with native calls

---

See also the change log for changes.

2.6.1

See change log for changes.

2.6.0

See change log for changes.

2.5.1

See change log for changes.

2.5.0

See change log for changes.

2.4.5

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.7.0 - 2024-07-18

Added

• Add Utils::redactUserInfo() method
• Add ability to encode bools as ints in Query::build

2.6.3 - 2024-07-18

Fixed

• Make StreamWrapper::stream_stat() return false if inner stream's size is null

Changed

• PHP 8.4 support

2.6.2 - 2023-12-03

Fixed

• Fixed another issue with the fact that PHP transforms numeric strings in array keys to ints

Changed

• Updated links in docs to their canonical versions
• Replaced call_user_func* with native calls

2.6.1 - 2023-08-27

Fixed

• Properly handle the fact that PHP transforms numeric strings in array keys to ints

2.6.0 - 2023-08-03

Changed

• Updated the mime type map to add some new entries, fix a couple of invalid entries, and remove an invalid entry
• Fallback to application/octet-stream if we are unable to guess the content type for a multipart file upload

2.5.1 - 2023-08-03

Fixed

• Corrected mime type for .acc files to audio/aac

Changed

• PHP 8.3 support

... (truncated)

Commits

• a70f5c9 Release 2.7.0 (#615)
• 5a1f771 Add ability to encode bools and ints (#614)
• 9aed204 [2.7] Add Utils::redactUserInfo() method (#613)
• 6de2986 Release 2.6.3 (#612)
• 731ee08 Fix code style (#611)
• 89eafc3 Test on PHP 8.4 (#610)
• 04e3e83 Make StreamWrapper::stream_stat() returns false if inner stream's size is...
• 5b4d5ac [2.6] Update deps (#609)
• a243f80 Synced readme with actual definitions (#601)
• 0423dd4 Fixes for PHP 8.4 deprecation (#600)
• Additional commits viewable in compare view

Updates twig/twig from 1.35.0 to 1.44.8

Changelog

Sourced from twig/twig's changelog.

1.44.8 (2024-09-09)

• Fix a security issue when an included sandboxed template has been loaded before without the sandbox context

1.44.7 (2022-09-28)

• Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

1.44.6 (2021-11-25)

• Last version for the 1.x series

1.44.5 (2021-09-17)

• Improve compatibility with PHP 8.1
• Explicitly specify the encoding for mb_ord in JS escaper

1.44.4 (2021-05-16)

• Revert "Throw a proper exception when a template name is an absolute path (as it has never been supported)"

1.44.3 (2021-05-12)

• Fix PHP 8.1 compatibility
• Throw a proper exception when a template name is an absolute path (as it has never been supported)

1.44.2 (2021-01-05)

• Fix "odd" not working for negative numbers

1.44.1 (2020-10-27)

• Fix "include(template_from_string())"

1.44.0 (2020-10-21)

• Remove implicit dependency on ext/iconv in JS escaper
• Fix sandbox support when using "include(template_from_string())"
• Make round brackets optional for one argument tests like "same as" or "divisible by"
• Add support for ES2015 style object initialisation shortcut { a } is the same as { 'a': a }
• Fix filter(), map(), and reduce() to throw a RuntimeError instead of a PHP TypeError
• Drop PHP 7.1 support

1.43.1 (2020-08-05)

• Fix sandbox not disabled if syntax error occurs within {% sandbox %} tag
• Fix a regression when not using a space before an operator
• Restrict callables to closures in filters
• Allow trailing commas in argument lists (in calls as well as definitions)

... (truncated)

Commits

• b1f009c Prepare the 1.44.8 release
• 7afa198 Fix a security issue when an included sandboxed template has been loaded befo...
• 0887422 Prepare the 1.44.7 release
• 35f3035 security #cve- Fix a security issue on filesystem loader (possibility to load...
• f800934 Fix a security issue on filesystem loader (possibility to load a template out...
• ae39480 Prepare the last release for the 1.x series
• 7e5ba95 minor #3584 Fix emphasis on compiler to bold styling (jonnyeom)
• 97ae3c8 Fix emphasis on compiler to bold styling
• 8bab813 minor #3570 Update .gitattributes to exclude non-dist files (kaznovac)
• 92766d0 Update .gitattributes to exclude non-dist files
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.